ó ®â0_c@sÕddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z d„Zd e fd „ƒYZd e fd „ƒYZd e fd„ƒYZdefd„ƒYZdS(iÿÿÿÿ(tsettings(tauth(t load_backend(tRemoteUserBackend(tImproperlyConfigured(tMiddlewareMixin(tSimpleLazyObjectcCs+t|dƒs$tj|ƒ|_n|jS(Nt _cached_user(thasattrRtget_userR(trequest((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR stAuthenticationMiddlewarecBseZd„ZRS(csPtˆdƒs4tdtjdkr*dndƒ‚t‡fd†ƒˆ_dS(NtsessionsóThe Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE%s setting to insert 'django.contrib.sessions.middleware.SessionMiddleware' before 'django.contrib.auth.middleware.AuthenticationMiddleware'.t_CLASSEStcs tˆƒS(N(R ((R (s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pytR(RtAssertionErrorRt MIDDLEWAREtNoneRtuser(tselfR ((R s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pytprocess_requests(t__name__t __module__R(((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR stSessionAuthenticationMiddlewarecBseZdZd„ZRS(sb Formerly, a middleware for invalidating a user's sessions that don't correspond to the user's current session authentication hash. However, it caused the "Vary: Cookie" header on all responses. It's now a shim to allow a single settings file to more easily support multiple versions of Django. Will be RemovedInDjango20Warning. cCsdS(N((RR ((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR$s(RRt__doc__R(((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyRstRemoteUserMiddlewarecBs5eZdZdZeZd„Zd„Zd„ZRS(sý Middleware for utilizing Web-server-provided authentication. If request.user is not authenticated, then this middleware attempts to authenticate the username passed in the ``REMOTE_USER`` request header. If authentication is successful, the user is automatically logged in to persist the user in the session. The header used is configurable and defaults to ``REMOTE_USER``. Subclass this class and change the ``header`` attribute if you need to use a different header. t REMOTE_USERcCsèt|dƒstdƒ‚ny|j|j}Wn7tk rk|jrg|jjrg|j|ƒndSX|jjr­|jj ƒ|j ||ƒkrdS|j|ƒnt j |d|ƒ}|rä||_t j ||ƒndS(NRsçThe Django remote user auth middleware requires the authentication middleware to be installed. Edit your MIDDLEWARE setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.t remote_user(RRtMETAtheadertKeyErrortforce_logout_if_no_headerRtis_authenticatedt_remove_invalid_usert get_usernametclean_usernameRt authenticatetlogin(RR tusernameR((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR<s"   ! cCsJ|jtj}tj|ƒ}y|j|ƒ}Wntk rEnX|S(ss Allows the backend to clean the username, if the backend defines a clean_username method. (R RtBACKEND_SESSION_KEYRR$tAttributeError(RR'R t backend_strtbackend((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR$bs cCsfy"t|jjtjdƒƒ}Wntk rBtj|ƒn Xt|tƒrbtj|ƒndS(s¡ Removes the current authenticated user in the request which is invalid but only if the user is authenticated via the RemoteUserBackend. RN( RR tgetRR(t ImportErrortlogoutt isinstanceR(RR tstored_backend((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR"os " ( RRRRtTrueR RR$R"(((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR(s   & tPersistentRemoteUserMiddlewarecBseZdZeZRS(s£ Middleware for Web-server provided authentication on logon pages. Like RemoteUserMiddleware but keeps the user authenticated even if the header (``REMOTE_USER``) is not found in the request. Useful for setups when the external authentication via ``REMOTE_USER`` is only expected to happen on some "logon" URL and the rest of the application wants to use Django's authentication mechanism. (RRRtFalseR (((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyR2~s N(t django.confRtdjango.contribRtdjango.contrib.authRtdjango.contrib.auth.backendsRtdjango.core.exceptionsRtdjango.utils.deprecationRtdjango.utils.functionalRR R RRR2(((s@/tmp/pip-unpacked-wheel-BAJOf3/django/contrib/auth/middleware.pyts   V